From: serassio <> Date: Sat, 19 Mar 2005 23:02:47 +0000 (+0000) Subject: Forward port of all latest 2.5 changes X-Git-Tag: SQUID_3_0_PRE4~829 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b10eaeab79879506cfaeb17255e36d0167113df6;p=thirdparty%2Fsquid.git Forward port of all latest 2.5 changes --- diff --git a/helpers/external_acl/ldap_group/ChangeLog b/helpers/external_acl/ldap_group/ChangeLog index 7914e6cb68..de1665c947 100644 --- a/helpers/external_acl/ldap_group/ChangeLog +++ b/helpers/external_acl/ldap_group/ChangeLog @@ -1,3 +1,9 @@ +Version 2.16 + +2004-10-21 Henrik Nordstrom + + Documentation fixes + Version 2.15 2004-08-15 Henrik Nordstrom diff --git a/helpers/external_acl/ldap_group/squid_ldap_group.8 b/helpers/external_acl/ldap_group/squid_ldap_group.8 index 74769aa4b2..4bafafd8ac 100644 --- a/helpers/external_acl/ldap_group/squid_ldap_group.8 +++ b/helpers/external_acl/ldap_group/squid_ldap_group.8 @@ -1,4 +1,4 @@ -.TH squid_ldap_group 8 "17 July 2004" "Squid LDAP Group" +.TH squid_ldap_group 8 "14 January 2005" "Squid LDAP Group" . .SH NAME squid_ldap_group - Squid LDAP external acl group helper @@ -9,6 +9,15 @@ squid_ldap_group -b "base DN" -f "LDAP search filter" [options] [ldap_server_nam .SH DESCRIPTION This helper allows Squid to connect to a LDAP directory to authorize users via LDAP groups. +LDAP options are specified as parameters on the command line, +while the username(s) and group(s) to be checked against the +LDAP directory are specified on subsequent lines of input to the +helper, one username/group pair per line separated by a space. +.P +As expected by the external_acl construct of Squid, after +specifying a username and group followed by a new line, this +helper will produce either OK or ERR on the following line +to show if the user is a member of the specified group. .P The program operates by searching with a search filter based on the users user name and requested group, and if a match 
@@ -119,6 +128,10 @@ Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389. . .TP +.BI -v " 2|3" +LDAP protocol version. Defaults to 2 if not specified. +. +.TP .BI -Z Use TLS encryption . diff --git a/helpers/external_acl/ldap_group/squid_ldap_group.c b/helpers/external_acl/ldap_group/squid_ldap_group.c index d97fbb83d3..2d1efaef5d 100644 --- a/helpers/external_acl/ldap_group/squid_ldap_group.c +++ b/helpers/external_acl/ldap_group/squid_ldap_group.c @@ -113,6 +113,10 @@ static int readSecret(char *filename); /* Yuck.. we need to glue to different versions of the API */ +#ifndef LDAP_NO_ATTRS +#define LDAP_NO_ATTRS "1.1" +#endif + #if defined(LDAP_API_VERSION) && LDAP_API_VERSION > 1823 static int squid_ldap_errno(LDAP * ld) @@ -672,6 +676,7 @@ searchLDAPGroup(LDAP * ld, char *group, char *member, char *extension_dn) LDAPMessage *res = NULL; LDAPMessage *entry; int rc; + char *searchattr[] = {LDAP_NO_ATTRS, NULL}; if (extension_dn && *extension_dn) snprintf(searchbase, sizeof(searchbase), "%s,%s", extension_dn, basedn); @@ -686,7 +691,7 @@ searchLDAPGroup(LDAP * ld, char *group, char *member, char *extension_dn) if (debug) fprintf(stderr, "group filter '%s', searchbase '%s'\n", filter, searchbase); - rc = ldap_search_s(ld, searchbase, searchscope, filter, NULL, 1, &res); + rc = ldap_search_s(ld, searchbase, searchscope, filter, searchattr, 1, &res); if (rc != LDAP_SUCCESS) { if (noreferrals && rc == LDAP_PARTIAL_RESULTS) { /* Everything is fine. This is expected when referrals @@ -725,6 +730,7 @@ searchLDAP(LDAP *ld, char *group, char *login, char *extension_dn) LDAPMessage *entry; int rc; char *userdn; + char *searchattr[] = {LDAP_NO_ATTRS, NULL}; if (extension_dn && *extension_dn) snprintf(searchbase, sizeof(searchbase), "%s,%s", extension_dn, userbasedn ? userbasedn : basedn); else 
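Review bot: The fallback `#define LDAP_NO_ATTRS "1.1"` added in the @@ -113 hunk has no comment saying what the value means; the only nearby comment is the older "Yuck.." line about API versions. I would put `/* "1.1" is the LDAP OID that asks the server to return no attributes; the searches below only need the matching entry and its DN. */` directly above the `#ifndef`. The second half of that comment is inferred from the `attrsonly` argument and the `userdn` variable visible in the later hunks, so it should be confirmed against the full function bodies.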
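Review bot: The `snprintf(searchbase, sizeof(searchbase), "%s,%s", extension_dn, basedn)` call shown as context in the @@ -672 hunk discards its return value, so an over-long `extension_dn` silently truncates the DN that the changed `ldap_search_s` call then searches under. The same pattern is visible in the @@ -725 hunk (searchbase in searchLDAP) and in the @@ -733 hunk (the `filter` buffer). An authorization helper should fail the lookup rather than query a base or filter other than the one intended, for example `n = snprintf(searchbase, sizeof(searchbase), ...); if (n < 0 || (size_t)n >= sizeof(searchbase)) { /* fail the lookup */ }`. The value these functions return for "no match" is not visible here, and both function bodies extend beyond the hunks.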
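Review bot: `ldap_search_s` in the @@ -686 hunk, and again in the @@ -733 hunk, is a synchronous call with no timeout parameter, so a directory server that stops answering would hold this helper inside the call. Nothing in the visible lines sets a time limit, though one may be configured on the LDAP handle elsewhere in the file. If it is not, `ldap_search_st` takes the same arguments plus a `struct timeval *` and would let the helper report a failure to Squid instead of hanging. searchLDAPGroup's body continues outside the hunk.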
@@ -733,7 +739,7 @@ searchLDAP(LDAP *ld, char *group, char *login, char *extension_dn) snprintf(filter, sizeof(filter), usersearchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login); if (debug) fprintf(stderr, "user filter '%s', searchbase '%s'\n", filter, searchbase); - rc = ldap_search_s(ld, searchbase, searchscope, filter, NULL, 1, &res); + rc = ldap_search_s(ld, searchbase, searchscope, filter, searchattr, 1, &res); if (rc != LDAP_SUCCESS) { if (noreferrals && rc == LDAP_PARTIAL_RESULTS) { /* Everything is fine. This is expected when referrals
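Review bot: `usersearchfilter` is used as the `snprintf` format string in the @@ -733 hunk with exactly sixteen `escaped_login` arguments, and nothing visible checks that the template holds only `%s` conversions and no more than sixteen of them. The template presumably comes from the helper's configuration rather than from request input, so this is an operator-error hazard. Even so, a stray `%d` or a seventeenth `%s` is undefined behaviour in a process that makes access decisions. A one-time validation where the template is read, sketched below, would reject such a template at startup. A short comment at the call explaining why the argument is repeated sixteen times would also help. searchLDAP's body starts and ends outside the hunk.

```c
/* Accept only "%s" and "%%" in the user search filter template,
 * and at most max_args occurrences of "%s". */
static int
usersearchfilter_ok(const char *tmpl, int max_args)
{
    int used = 0;
    const char *p;
    for (p = tmpl; *p; p++) {
	if (*p != '%')
	    continue;
	p++;
	if (*p == 's')
	    used++;
	else if (*p != '%')
	    return 0;		/* also rejects a trailing '%' */
    }
    return used <= max_args;
}
/* … unchanged: snprintf(filter, sizeof(filter), usersearchfilter, escaped_login x16) … */
```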